• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

ProductCart techErr.asp error Variable XSS

Network Security News – Thursday, April 07, 2005 Events

ProductCart techErr.asp error Variable XSS

ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error' variable upon submission to the techErr.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15268

ProductCart NewCust.asp redirectUrl Variable XSS

ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'redirectUrl' variable upon submission to the NewCust.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15266

ProductCart storelocator_submit.asp country Variable XSS

ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'country' variable upon submission to the storelocator_submit.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15267

ProductCart advSearch_h.asp Multiple Parameter SQL Injection

ProductCart contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'idCategory' and 'resultCnt' variables in the advSearch_h.asp script are not verified properly and will allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15263

ProductCart advSearch_h.asp keyword Variable XSS

ProductCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the advSearch_h.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15264

Active Auction House sendpassword.asp Title Variable XSS

Active Auction House contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Title' or 'Table' variables upon submission to the sendpassword.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15286

Active Auction House ItemInfo.asp itemID Parameter SQL Injection

Active Auction House contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'itemID' variable in the ItemInfo.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15282

Active Auction House watchthisitem.asp itemid Variable XSS

Active Auction House contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'itemid' variable upon submission to the watchthisitem.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15287

Active Auction House sendpassword.asp Email Field SQL Injection

Active Auction House contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Email field in the sendpassword.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15283

Active Auction House start.asp ReturnURL Variable XSS

Active Auction House contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ReturnURL', 'password' or 'username' variables upon submission to the start.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15284

GNU Sharutils Unshar Local Insecure Temporary File Creation Vulnerability

The GNU Sharutils are a collection of utilities for creating and manipulating shell archive files. It is freely available for Unix and Unix variant operating systems. The…

. Read more at securityfocus.com/bid/12981?ref=rss

CubeCart Multiple SQL Injection Vulnerabilities

CubeCart is an online storefront application written in PHP. It utilizes a MySQL database for data storage.CubeCart is reported prone to multiple SQL injection vulnerab…

. Read more at securityfocus.com/bid/13050?ref=rss

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software